Overview

The Microsoft VM bytecode verifier fails to check for certain malicious code in a Java applet.

Description

The Microsoft VM bytecode verifier fails to check for certain malicious code in a Java applet. If an intruder can convince a victim to run a malicious Java applet, the intruder could run arbitrary code on the victim's machine. For more information, please see Microsoft Security Bulletin MS03-011.

Impact

After convincing a victim to download and run a malicious Java applet, an intruder could run arbitrary code with the privileges of the victim.